1*c8dee2aaSAndroid Build Coastguard Worker /*
2*c8dee2aaSAndroid Build Coastguard Worker * Copyright 2023 Google, LLC
3*c8dee2aaSAndroid Build Coastguard Worker *
4*c8dee2aaSAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be
5*c8dee2aaSAndroid Build Coastguard Worker * found in the LICENSE file.
6*c8dee2aaSAndroid Build Coastguard Worker */
7*c8dee2aaSAndroid Build Coastguard Worker
8*c8dee2aaSAndroid Build Coastguard Worker #include "fuzz/Fuzz.h"
9*c8dee2aaSAndroid Build Coastguard Worker #include "fuzz/FuzzCommon.h"
10*c8dee2aaSAndroid Build Coastguard Worker #include "include/core/SkCanvas.h"
11*c8dee2aaSAndroid Build Coastguard Worker #include "include/core/SkPaint.h"
12*c8dee2aaSAndroid Build Coastguard Worker #include "include/core/SkShader.h"
13*c8dee2aaSAndroid Build Coastguard Worker #include "include/core/SkSurface.h"
14*c8dee2aaSAndroid Build Coastguard Worker #include "include/effects/SkRuntimeEffect.h"
15*c8dee2aaSAndroid Build Coastguard Worker #include "include/private/base/SkTArray.h"
16*c8dee2aaSAndroid Build Coastguard Worker #include "src/gpu/ganesh/GrShaderCaps.h"
17*c8dee2aaSAndroid Build Coastguard Worker
18*c8dee2aaSAndroid Build Coastguard Worker using namespace skia_private;
19*c8dee2aaSAndroid Build Coastguard Worker
/**
 * The fuzzer treats the input bytes as an SkSL blend program. The requested number of
 * uniforms and children are automatically synthesized to match the program's needs.
 *
 * We fuzz twice, with two different settings for inlining in the SkSL compiler. By default, the
 * compiler inlines most small to medium functions. This can hide bugs related to function-calling.
 * So we run the fuzzer once with inlining disabled, and again with it enabled.
 * This gives us better coverage, and spares the fuzzer from having to inject useless noise into
 * functions just to suppress inlining.
 */
/**
 * Runs one fuzz pass over `shaderText` with the given compiler `options`.
 *
 * The text is compiled as a runtime blender, valid uniforms and children are synthesized for
 * it, and the resulting blender is used to fill a small raster surface so that the compiled
 * program is actually executed.
 *
 * @param shaderText  Fuzzer-controlled (untrusted) text handed to the SkSL compiler.
 * @param options     Runtime-effect options for this pass.
 * @return true if the draw was issued; false if the text did not compile, no blender could be
 *         made from the effect, or the raster surface could not be created.
 */
static bool FuzzSkRuntimeBlender_Once(const SkString& shaderText,
                                      const SkRuntimeEffect::Options& options) {
    // `compiled` owns the effect; it must stay alive for as long as `effect` is used.
    SkRuntimeEffect::Result compiled = SkRuntimeEffect::MakeForBlender(shaderText, options);
    SkRuntimeEffect* effect = compiled.effect.get();
    if (effect == nullptr) {
        // Most fuzz inputs are not valid SkSL; a clean rejection is the expected outcome.
        return false;
    }

    // Let the shared fuzz helper fill in uniform data and child effects for this program.
    sk_sp<SkData> uniformBytes;
    TArray<SkRuntimeEffect::ChildPtr> children;
    FuzzCreateValidInputsForRuntimeEffect(effect, uniformBytes, children);

    sk_sp<SkBlender> blender = effect->makeBlender(uniformBytes, SkSpan(children));
    if (!blender) {
        return false;
    }

    SkPaint paint;
    paint.setColor(SK_ColorRED);
    paint.setBlender(std::move(blender));

    // A 4x4 raster target is enough to exercise the blender on the CPU path.
    const SkImageInfo info = SkImageInfo::MakeN32Premul(4, 4);
    sk_sp<SkSurface> surface = SkSurfaces::Raster(info);
    if (!surface) {
        return false;
    }

    SkCanvas* canvas = surface->getCanvas();
    canvas->drawPaint(paint);
    return true;
}
58*c8dee2aaSAndroid Build Coastguard Worker
/**
 * Fuzz entry point: interprets `data` as SkSL blender source and runs it through
 * FuzzSkRuntimeBlender_Once twice, first with `forceUnoptimized` set and then with it cleared.
 *
 * @param data  Fuzzer-provided bytes; treated as program text.
 * @param size  Number of bytes in `data`.
 * @return true if at least one of the two passes got as far as drawing.
 */
bool FuzzSkRuntimeBlender(const uint8_t *data, size_t size) {
    // The length is passed explicitly, so the input does not rely on a terminating NUL.
    const SkString shaderText(reinterpret_cast<const char*>(data), size);

    SkRuntimeEffect::Options options;

    // First pass: optimization disabled.
    options.forceUnoptimized = true;
    const bool unoptimizedDrew = FuzzSkRuntimeBlender_Once(shaderText, options);

    // Second pass: optimization enabled. Both passes always run; only the results are OR-ed.
    options.forceUnoptimized = false;
    const bool optimizedDrew = FuzzSkRuntimeBlender_Once(shaderText, options);

    return optimizedDrew || unoptimizedDrew;
}
72*c8dee2aaSAndroid Build Coastguard Worker
#if defined(SK_BUILD_FOR_LIBFUZZER)
/**
 * libFuzzer hook. Inputs above the size cap are skipped without being compiled; everything
 * else is forwarded to FuzzSkRuntimeBlender. The harness result is discarded and 0 is always
 * returned, so findings come from crashes and sanitizer reports rather than the return value.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    // NOTE(review): presumably this cap bounds per-input compile time; the file does not say.
    constexpr size_t kMaxInputSize = 3000;
    if (size <= kMaxInputSize) {
        FuzzSkRuntimeBlender(data, size);
    }
    return 0;
}
#endif